《基于PKI的强安全认证密钥交换 安全模型、协议构造和安全分析》(PKI-based Authenticated Key Exchange with Strong Security: Security Models, Constructions and Security Analysis) by Zheng Yang | (epub+azw3+mobi+pdf) e-book download

Book title: 《基于PKI的强安全认证密钥交换 安全模型、协议构造和安全分析》

[Author] Zheng Yang (杨铮)
[Pages] 229
[Publisher] Chongqing University Press Co., Ltd. (重庆大学出版社有限公司), 2020.09
[ISBN] 978-7-5689-2221-0
[Price] 49.00
[Category] Computer networks - Network security - Research - English
[Reference] Zheng Yang. 基于PKI的强安全认证密钥交换 安全模型、协议构造和安全分析. Chongqing University Press Co., Ltd., 2020.09.

Summary of 《基于PKI的强安全认证密钥交换 安全模型、协议构造和安全分析》:

PKI is the acronym for Public Key Infrastructure. PKI is a standards-based set of technologies and specifications that uses public-key cryptography to provide a secure foundational platform for conducting e-commerce. This book first introduces methods for simulating the various advanced attacks relevant to authenticated key exchange protocols, together with formal definitions of new security goals. It then presents the security problems found in existing strongly secure authenticated key exchange protocols, along with the corresponding attacks and improved schemes. On this basis, the book addresses the difficulty of constructing strongly secure authenticated key exchange protocols in the standard model and their poor performance, proposing new protocol construction methods and key techniques for performance optimization.

Preview of 《基于PKI的强安全认证密钥交换 安全模型、协议构造和安全分析》:

Chapter 1

Introduction

Background

Authenticated Key Exchange (AKE) is one of the most famous cryptographic primitives, which is used to protect our daily online communication over an insecure network. That is, the main task of an AKE protocol is to enable two or more parties to agree upon a shared session key over an open network. The session key will be used later to establish a secure channel for securing the underlying data transmission of various network applications. To avoid the unauthorized use of identity, entity authentication should be done during the key exchange procedure of an AKE protocol. In this book, we focus on the authentication mechanism that is built upon the standard public key infrastructure (PKI), that is, a set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key cryptosystems. PKI-based identity management is ideal for facilitating the secure machine-to-machine electronic transfer of information for a range of network activities such as e-commerce, internet banking, and cyber-physical systems. In AKE, a PKI is an arrangement that binds public keys with the respective identities of entities (such as a personal computer or a company).

002 PKI-based Authenticated Key Exchange with Strong Security:Security Models,Constructions and Security Analysis

Namely, an entity that intends to use an AKE protocol may hold a certificate that authenticates its corresponding identity and public key.

The seminal work regarding key exchange was published by Diffie and Hellman in 1976, so it is also known as Diffie-Hellman key exchange (DHKE). However, the DHKE protocol is only passively secure since authentication is not considered in its design. Therefore it is subject to many active attacks, among which the man-in-the-middle attack is one of the most famous. In the last decades, researchers have been trying to enhance the security of various kinds of key exchange protocols to prevent state-of-the-art novel attacks (e.g., side-channel attacks and malware) which have sprung up due to the development of IT technologies. In particular, the innovation of computing power, such as the invention of the quantum computer, may bring a new kind of threat to classical cryptosystems. Therefore, an AKE protocol is always desired to be strong enough to resist a wide range of attacks. Here we call an AKE protocol strongly secure if it can provide resilience to the compromise of credentials of session participants, such as the Ephemeral Key, Long-Term Key, and Session Key.

Structure

This book consists of four parts: preliminary, security model, cryptanalysis of AKE protocols, and new AKE constructions. In the last three parts, we will introduce the recent papers that are led by Zheng YANG.

Part I: Preliminary. This part is about the preliminaries for understanding the rest of the contents of this book, which include the cryptographic primitives and complexity assumptions.

Part II: Security Model. We will introduce the state-of-the-art indistinguishability-based security models for PKI-based AKE protocols in this part. The security model is the foundation of provable security, which is a common approach for analyzing the security of cryptographic schemes.


Chapter 3 examines the recently introduced CF and CF-PFS models for two-message authenticated key exchange (TMAKE) by Cremers et al.

This chapter shows the implication relations among the CF, CF-PFS, eCK, and eCK-PFS models. Based on a generic transformation (compiler), it will show how to build CF-PFS secure TMAKE protocols from CF secure AKE protocols.

The contents of this chapter are mainly from the paper [1].

Chapter 4 introduces the security proof problems caused by randomized authentication primitives (RAP) in recent authenticated key exchange (AKE) protocols. Those RAP problems would invalidate the security results of such protocols in the corresponding security models. This chapter will also give some general solution ideas and concrete examples to avoid the RAP problem, e.g., by appropriately modifying the security models.

The contents of this chapter are mainly from paper [2].

Chapter 5 presents a new security model for SAGKE to formulate security properties, in particular resistance to leakage attacks on the ephemeral key. Being of independent interest, the new security model is also flexible, and can be used for analyzing either stateless or stateful AGKE protocols.

The contents of this chapter are mainly from paper [3].

Part III: Cryptanalysis of AKE Protocols. We will revisit the security of some AKE protocols with strong security that were recently proposed at good venues. Some attacks against these protocols are introduced, which would invalidate their security results in the corresponding security model. We will also show how to avoid these attacks, respectively.

Chapter 6 revisits the security result of an authenticated key exchange (AKE) scheme proposed at AsiaCCS'14 by Alawatugoda, Stebila, and Boyd (which is referred to as the ASB scheme). In this chapter, we will first show an attack against the ASB scheme in the eCK model. This also implies the insecurity of the ASB scheme in the B(C)AFL-eCK model. Secondly, we will point out a security reduction problem of the ASB scheme. A solution is proposed to fix the problem of the ASB scheme with minimum changes, which yields a new ASB' scheme. A new security proof of ASB' is given in the random oracle model under the Gap Diffie-Hellman assumption.

The contents of this chapter are mainly from paper [4].

Chapter 7 shows a key compromise impersonation (KCI) attack against the generic two-message key exchange (TMKE) scheme (which will be referred to as KF) introduced by Kurosawa and Furukawa at CT-RSA 2014.

The contents of this chapter are mainly from paper [5].

Chapter 8 introduces a perfect forward secrecy (PFS) attack against a one-round key exchange protocol published at the PKC'15 conference. In this chapter, an improvement is proposed to fix the problem of the BJS scheme with minimum changes.

The contents of this chapter are mainly from paper [6].

Part IV: New AKE Constructions. In this part, we focus on the new AKE constructions, which can be proven secure in the models defined in Part II.

Chapter 9 introduces a generic construction for ORKE from non-interactive key exchange and signature, which has a much simpler structure than the previous construction using the same building blocks.

In particular, the new construction also weakens the security assumptions on the underlying building blocks. That is, the static-CKS-light security of NIKE, where the target identities are chosen by the adversary before seeing the system parameters, is sufficient for the construction. Second, the signature scheme only needs to provide strong existential unforgeability under weak chosen message attacks (SEUF-wCMA).

These improvements enable the new protocol to have more concrete instantiations, which might be easier to build and realize.

The contents of this chapter are mainly from paper [7].

Chapter 10 presents a new two-party one-round key exchange (ORKE) scheme in the post-specified peer setting (post-setting). The ORKE scheme is provably secure in the CF-PFS model. The building blocks of the proposed scheme include the decisional Diffie-Hellman problem, digital signature, double pseudo-random function, and collision resistant hash function. The proposed ORKE scheme is also the first eCK(-PFS)-like secure concrete protocol in the post-setting without both pairings and random oracles. The construction idea of our DDH-based ORKE is further extended to the group case under the multilinear map. This yields a very computationally efficient strongly secure multiparty one-round key exchange (MORKE) protocol in the standard model. For a communication group with n members, our new MORKE scheme succeeds in reducing the number of multilinear operations from O(n) to O(1).

Some contents of this chapter are from the paper [8].

Chapter 11 introduces a new generic TMAKE scheme from the key encapsulation mechanism (KEM). The new scheme particularly requires that the KEM should be secure against one-time adaptive chosen ciphertext attacks (OT-IND-CCA2), which is improved from the previous schemes. Here, this new class of KEM is called OTKEM. In particular, a new instantiation of OTKEM from the Ring Learning with Errors (Ring-LWE) problem is proposed in the standard model. This yields a concrete post-quantum TMKE protocol with strong security. The security of the TMAKE scheme is shown in the CF-PFS model.

The contents of this chapter are mainly from paper [6].

Chapter 12 shows a new tree-based protocol construction for SAGKE.

The proposed scheme can be proven secure in the strong security model defined in Chapter 5.

The contents of this chapter are mainly from paper [3].

··· End of preview ···
